New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding UDK/UDC to service client #19141
Adding UDK/UDC to service client #19141
Conversation
This pull request is protected by Check Enforcer. What is Check Enforcer?Check Enforcer helps ensure all pull requests are covered by at least one check-run (typically an Azure Pipeline). When all check-runs associated with this pull request pass then Check Enforcer itself will pass. Why am I getting this message?You are getting this message because Check Enforcer did not detect any check-runs being associated with this pull request within five minutes. This may indicate that your pull request is not covered by any pipelines and so Check Enforcer is correctly blocking the pull request being merged. What should I do now?If the check-enforcer check-run is not passing and all other check-runs associated with this PR are passing (excluding license-cla) then you could try telling Check Enforcer to evaluate your pull request again. You can do this by adding a comment to this pull request as follows: What if I am onboarding a new service?Often, new services do not have validation pipelines associated with them. In order to bootstrap pipelines for a new service, please perform following steps: For track 2 SDKs Issue the following command as a pull request comment:
|
sdk/storage/azblob/internal/exported/storage_account_credential.go
Outdated
Show resolved
Hide resolved
sdk/storage/azblob/internal/exported/user_delegation_credential.go
Outdated
Show resolved
Hide resolved
sdk/storage/azblob/internal/exported/user_delegation_credential.go
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR looks great now! Nice work.
userDelegationKey UserDelegationKey | ||
} | ||
|
||
// AccountName returns the Storage account's Name |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment isn't right
return f.accountName | ||
} | ||
|
||
// GetUDKParams is a helper method for accessing the user delegation key parameters outside of this package. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment isn't right
return udc.computeHMACSHA256(message) | ||
} | ||
|
||
// GetUDKParams returns UserDelegationKey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment isn't right
@@ -82,6 +83,23 @@ func NewClientFromConnectionString(connectionString string, options *ClientOptio | |||
return NewClientWithNoCredential(parsed.ServiceURL, options) | |||
} | |||
|
|||
// GetUserDelegationCredential obtains a UserDelegationKey object using the base ServiceURL object. | |||
// OAuth is required for this call, as well as any role that can delegate access to the storage account. | |||
func (s *Client) GetUserDelegationCredential(ctx context.Context, info KeyInfo, o *GetUserDelegationCredentialOptions) (*UserDelegationCredential, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need this method. We DO need a method that returns a UDK but the customer can easily create a credential from this and so I see no reason to provide this additional functionality; we don't have it for any other kind of credential.
Adding the option to create a service client with UDK. Tests in progress!
#18976, #16916, #18977